mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-19 15:55:13 +00:00
more work on sessions and cookies, as some anomalies appeared in caldav and firefox which suggested deeper issues
This commit is contained in:
parent
c8322e89c6
commit
2dcedd6951
7 changed files with 40 additions and 26 deletions
|
@ -13,8 +13,8 @@ namespace Zotlabs\Web;
|
|||
|
||||
class Session {
|
||||
|
||||
private static $handler = null;
|
||||
private static $session_started = false;
|
||||
static private $handler = null;
|
||||
static private $session_started = false;
|
||||
|
||||
public function init() {
|
||||
|
||||
|
@ -29,7 +29,7 @@ class Session {
|
|||
*/
|
||||
|
||||
$handler = new \Zotlabs\Web\SessionHandler();
|
||||
self::$handler = $handler;
|
||||
$this->handler = $handler;
|
||||
|
||||
$x = session_set_save_handler($handler,false);
|
||||
if(! $x)
|
||||
|
@ -38,11 +38,12 @@ class Session {
|
|||
// Force cookies to be secure (https only) if this site is SSL enabled.
|
||||
// Must be done before session_start().
|
||||
|
||||
|
||||
$arr = session_get_cookie_params();
|
||||
session_set_cookie_params(
|
||||
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
|
||||
((isset($arr['path'])) ? $arr['path'] : '/'),
|
||||
((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
|
||||
(($arr['domain']) ? $arr['domain'] : \App::get_hostname()),
|
||||
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
|
||||
((isset($arr['httponly'])) ? $arr['httponly'] : true)
|
||||
);
|
||||
|
@ -53,7 +54,7 @@ class Session {
|
|||
|
||||
public function start() {
|
||||
session_start();
|
||||
self::$session_started = true;
|
||||
$this->session_started = true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -62,8 +63,8 @@ class Session {
|
|||
* @return void
|
||||
*/
|
||||
|
||||
static public function nuke() {
|
||||
self::new_cookie(0); // 0 means delete on browser exit
|
||||
public function nuke() {
|
||||
$this->new_cookie(0); // 0 means delete on browser exit
|
||||
if($_SESSION && count($_SESSION)) {
|
||||
foreach($_SESSION as $k => $v) {
|
||||
unset($_SESSION[$k]);
|
||||
|
@ -77,21 +78,23 @@ class Session {
|
|||
|
||||
$old_sid = session_id();
|
||||
|
||||
if(self::$handler && self::$session_started) {
|
||||
$arr = session_get_cookie_params();
|
||||
|
||||
if($this->handler && $this->session_started) {
|
||||
session_regenerate_id(true);
|
||||
|
||||
// force SessionHandler record creation with the new session_id
|
||||
// which occurs as a side effect of read()
|
||||
|
||||
self::$handler->read(session_id());
|
||||
$this->handler->read(session_id());
|
||||
}
|
||||
else
|
||||
logger('no session handler');
|
||||
|
||||
if (x($_COOKIE, 'jsdisabled')) {
|
||||
setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime);
|
||||
setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
|
||||
}
|
||||
setcookie(session_name(),session_id(),$newxtime);
|
||||
setcookie(session_name(),session_id(),$newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
|
||||
|
||||
$arr = array('expire' => $xtime);
|
||||
call_hooks('new_cookie', $arr);
|
||||
|
@ -100,12 +103,14 @@ class Session {
|
|||
|
||||
public function extend_cookie() {
|
||||
|
||||
$arr = session_get_cookie_params();
|
||||
|
||||
// if there's a long-term cookie, extend it
|
||||
|
||||
$xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 );
|
||||
|
||||
if($xtime)
|
||||
setcookie(session_name(),session_id(),(time() + $xtime));
|
||||
setcookie(session_name(),session_id(),(time() + $xtime), '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
|
||||
$arr = array('expire' => $xtime);
|
||||
call_hooks('extend_cookie', $arr);
|
||||
|
||||
|
@ -152,7 +157,7 @@ class Session {
|
|||
// check any difference at all
|
||||
logger('Session address changed. Paranoid setting in effect, blocking session. '
|
||||
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
|
||||
self::nuke();
|
||||
$this->nuke();
|
||||
goaway(z_root());
|
||||
break;
|
||||
}
|
||||
|
|
1
boot.php
1
boot.php
|
@ -700,6 +700,7 @@ class App {
|
|||
private static $perms = null; // observer permissions
|
||||
private static $widgets = array(); // widgets for this page
|
||||
|
||||
public static $session = null;
|
||||
public static $groups;
|
||||
public static $language;
|
||||
public static $langsave;
|
||||
|
|
|
@ -389,7 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
|
|||
proc_run('php','include/directory.php',$channel_id);
|
||||
|
||||
if($channel_id == local_channel() && $unset_session) {
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
App::$session->nuke();
|
||||
goaway(z_root());
|
||||
}
|
||||
|
||||
|
|
|
@ -486,7 +486,7 @@ require_once('include/api_auth.php');
|
|||
|
||||
function api_account_logout(&$a, $type){
|
||||
require_once('include/auth.php');
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
App::$session->nuke();
|
||||
return api_apply_template("user", $type, array('$user' => null));
|
||||
|
||||
}
|
||||
|
|
|
@ -101,7 +101,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
|||
// process logout request
|
||||
$args = array('channel_id' => local_channel());
|
||||
call_hooks('logging_out', $args);
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
App::$session->nuke();
|
||||
info( t('Logged out.') . EOL);
|
||||
goaway(z_root());
|
||||
}
|
||||
|
@ -117,7 +117,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
|||
intval(ACCOUNT_ROLE_ADMIN)
|
||||
);
|
||||
if($x) {
|
||||
\Zotlabs\Web\Session::new_cookie(60 * 60 * 24); // one day
|
||||
App::$session->new_cookie(60 * 60 * 24); // one day
|
||||
$_SESSION['last_login_date'] = datetime_convert();
|
||||
unset($_SESSION['visitor_id']); // no longer a visitor
|
||||
authenticate_success($x[0], true, true);
|
||||
|
@ -141,7 +141,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
|||
|
||||
if(x($_SESSION, 'uid') || x($_SESSION, 'account_id')) {
|
||||
|
||||
Zotlabs\Web\Session::return_check();
|
||||
App::$session->return_check();
|
||||
|
||||
$r = q("select * from account where account_id = %d limit 1",
|
||||
intval($_SESSION['account_id'])
|
||||
|
@ -155,14 +155,14 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
|||
}
|
||||
if(strcmp(datetime_convert('UTC','UTC','now - 12 hours'), $_SESSION['last_login_date']) > 0 ) {
|
||||
$_SESSION['last_login_date'] = datetime_convert();
|
||||
Zotlabs\Web\Session::extend_cookie();
|
||||
App::$session->extend_cookie();
|
||||
$login_refresh = true;
|
||||
}
|
||||
authenticate_success($r[0], false, false, false, $login_refresh);
|
||||
}
|
||||
else {
|
||||
$_SESSION['account_id'] = 0;
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
App::$session->nuke();
|
||||
goaway(z_root());
|
||||
}
|
||||
} // end logged in user returning
|
||||
|
@ -170,7 +170,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
|||
else {
|
||||
|
||||
if(isset($_SESSION)) {
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
App::$session->nuke();
|
||||
}
|
||||
|
||||
// handle a fresh login request
|
||||
|
@ -242,11 +242,11 @@ else {
|
|||
|
||||
if($_POST['remember_me']) {
|
||||
$_SESSION['remember_me'] = 1;
|
||||
\Zotlabs\Web\Session::new_cookie(31449600); // one year
|
||||
App::$session->new_cookie(31449600); // one year
|
||||
}
|
||||
else {
|
||||
$_SESSION['remember_me'] = 0;
|
||||
\Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
|
||||
App::$session->new_cookie(0); // 0 means delete on browser exit
|
||||
}
|
||||
|
||||
// if we haven't failed up this point, log them in.
|
||||
|
|
|
@ -30,7 +30,8 @@ function cli_startup() {
|
|||
unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
|
||||
};
|
||||
|
||||
\Zotlabs\Web\Session::init();
|
||||
App::$session = new Zotlabs\Web\Session();
|
||||
App::$session->init();
|
||||
|
||||
load_config('system');
|
||||
|
||||
|
|
11
index.php
11
index.php
|
@ -62,7 +62,8 @@ if(! App::$install) {
|
|||
load_config('system');
|
||||
load_config('feature');
|
||||
|
||||
\Zotlabs\Web\Session::init();
|
||||
App::$session = new \Zotlabs\Web\Session();
|
||||
App::$session->init();
|
||||
load_hooks();
|
||||
call_hooks('init_1');
|
||||
|
||||
|
@ -84,7 +85,13 @@ if(! App::$install) {
|
|||
*
|
||||
*/
|
||||
|
||||
\Zotlabs\Web\Session::start();
|
||||
if(App::$session) {
|
||||
App::$session->start();
|
||||
}
|
||||
else {
|
||||
session_start();
|
||||
register_shutdown_function('session_write_close');
|
||||
}
|
||||
|
||||
/**
|
||||
* Language was set earlier, but we can over-ride it in the session.
|
||||
|
|
Loading…
Reference in a new issue